Public Key Infrastructure (PKI) is used to establish a chain of trust so that a user, service, computer, or application can be authenticated, a secure connection can be established or the origin of software or documents can be validated. This is done through certificates, which a PKI creates, manages, distributes, but also can revoke. A certificate contains the public key, its corresponding private key must be kept safe and secret. It must be kept in a hardware security module (HSM).
Securing Microsoft PKI/CA
The Microsoft (MS) Server package already contains a PKI/CA. With that PKI, a Certificate Authority (CA) can be established. The trust of the entire system and validity of each issued certificate depends upon the protection of the CA key issuing the identities. Therefore, Microsoft best practices recommend storing private keys on a HSM. The PKI application is connected to the Primus HSM via the CNG Provider. Learn more on how to protect the MS PKI/CA in this solution brief.
Quantum Computers - A Threat for PKI?
What are the prerequisites for a secure PKI today? Will quantum computers make PKIs obsolete in the future? When are quantum computers really going to be available? Could blockchain provide a solution? At the event “About & Beyond PKI” in 2017 several speakers answered these questions. You can find a summary on this discussions here.
Photo credit: An IBM Q cryostat used to keep IBM’s 50-qubit quantum computer cold in the IBM Q lab in Yorktown Heights, New York.
SwissPKI - Managed Public Key Infrastructure
SwissPKITM is a feature rich, fully integrated Public Key Infrastructure service which helps expand your enterprise security: from large scale deployments to Embedded or CloudsHSMsolution, our service provides all necessary out-of-the box components to increase your digital security in a safe, simple and quick way.